CVE-2024-33001

{"id": "CVE-2024-33001", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-06-11T03:15:10.393", "references": [{"url": "https://me.sap.com/notes/3453170", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", "tags": ["Patch", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://me.sap.com/notes/3453170", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "SAP NetWeaver and ABAP platform allows an\nattacker to impede performance for legitimate users by crashing or flooding the\nservice.\n\n\n\nAn\nimpact of this Denial of Service vulnerability might be long response delays\nand service interruptions, thus degrading the service quality experienced by\nlegitimate users causing high impact on availability of the application."}, {"lang": "es", "value": "La plataforma SAP NetWeaver y ABAP permite a un atacante impedir el rendimiento de usuarios leg\u00edtimos bloqueando o inundando el servicio. Un impacto de esta vulnerabilidad de denegaci\u00f3n de servicio podr\u00eda ser largas demoras en la respuesta e interrupciones del servicio, degradando as\u00ed la calidad del servicio experimentada por los usuarios leg\u00edtimos y causando un alto impacto en la disponibilidad de la aplicaci\u00f3n."}], "lastModified": "2024-11-21T09:16:12.457", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "127E508F-6CC1-41C8-96DF-8D14FFDD4020"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:2008_1_710:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B73EF71D-B02D-494D-9FCA-E8B45B8126C4"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:st-pi_2008_1_700:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40A30E2E-8FE7-4866-A3A5-9DE9D407FCBB"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}